-
cups (1.4.4-6ubuntu2.4) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via missing code words
- debian/patches/CVE-2011-2896.dpatch: improve logic in
filter/image-gif.c.
- CVE-2011-2896
* SECURITY UPDATE: arbitrary code execution via incorrect code word
handling
- debian/patches/CVE-2011-3170.dpatch: don't overflow in
filter/image-gif.c.
- CVE-2011-3170
-- Marc Deslauriers <email address hidden> Mon, 12 Sep 2011 09:20:08 -0400
-
cups (1.4.4-6ubuntu2.3) maverick-security; urgency=low
* ubuntu-upstart.dpatch: update to explicitly load the AppArmor profile
to avoid race condition where cups could load before AppArmor and run
unconfined (LP: #690040)
-- Jamie Strandboge <email address hidden> Tue, 04 Jan 2011 09:52:12 -0600
-
cups (1.4.4-6ubuntu2.2) maverick-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
invalid free
- debian/patches/CVE-2010-2941.dpatch: skip over and reserve unused
tags in cups/ipp.{c,h}.
- CVE-2010-2941
-- Marc Deslauriers <email address hidden> Tue, 02 Nov 2010 10:21:01 -0400
-
cups (1.4.4-6ubuntu2.1) maverick-proposed; urgency=low
* debian/control: Added dependency on "cups-ppdc" package to the "cups"
package, so that the PPDs of the drivers which come with CUPS get built
(LP: #485383).
-- Till Kamppeter <email address hidden> Fri, 15 Oct 2010 13:04:33 +0200
-
cups (1.4.4-6ubuntu2) maverick; urgency=low
* ubuntu-upstart.dpatch: If D-BUS is not available, start on runlevels 2 to
5, so that this also works in server environments. Patch cherrypicked from
packaging trunk. (LP: #650893)
-- Martin Pitt <email address hidden> Wed, 29 Sep 2010 11:01:42 +0200
-
cups (1.4.4-6ubuntu1) maverick; urgency=low
* ubuntu-upstart.dpatch: Wait until daemon is ready, to avoid race
conditions with init scripts which expect cups tools to work right after
restarting it. This fixes a regression from the upstartification.
Patch cherrypicked from packaging trunk. (LP: #647369)
* debian/control: Update Vcs-Bzr: for Maverick branch.
-- Martin Pitt <email address hidden> Mon, 27 Sep 2010 17:49:29 +0200
-
cups (1.4.4-6) unstable; urgency=low
* debian/cups.preinst: Go back to using lsb-release, since dpkg-vendor is
not installed by default (it's in dpkg-dev). Bump the version guard to
this version, to reattempt the migration. (LP: #645328)
-- Martin Pitt <email address hidden> Thu, 23 Sep 2010 08:47:11 +0200
-
cups (1.4.4-5) unstable; urgency=low
[ Martin Pitt ]
* ubuntu-upstart.dpatch: Drop the dependency "on starting smbd", it causes
samba to hang on package upgrades or manual restarts. There doesn't seem
to be a good way to express this dependency right now. (LP: #639768)
Instead, send a SIGHUP to smbd if it is running, which causes it to reload
printers.
[ Till Kamppeter ]
* pstops-based-workflow-only-for-printing-ps-on-a-ps-printer.dpatch:
Let CUPS use the former PostScript-based filter chain only if the input
file is PostScript and the printer is a PostScript printer with
manufacturer-supplied PPD file. This avoids ugly PS->PDF->PS conversions
which are bad for the performance and sometimes cause issues
(Closes: #593338, requested by Ricoh).
-- Martin Pitt <email address hidden> Thu, 16 Sep 2010 18:57:06 +0200
-
cups (1.4.4-4ubuntu1) maverick; urgency=low
* ubuntu-upstart.dpatch: Drop the dependency "on starting smbd", it causes
samba to hang on package upgrades or manual restarts. There doesn't seem
to be a good way to express this dependency right now. (LP: #639768)
-- Martin Pitt <email address hidden> Thu, 16 Sep 2010 17:48:42 +0200
-
cups (1.4.4-4) unstable; urgency=low
[ Till Kamppeter ]
* default-ripcache-size-auto.dpatch: Replaced patch for letting CUPS default
RIP_MAX_CACHE to 1/4 of the system's RAM by a patch defaulting
RIP_MAX_CACHE to "auto". See LP: #628030.
* debian/patches/cups-snmp-oids-device-id-hp-ricoh.dpatch: Let the "snmp"
backend also use the manufacturer-specific MIBs of HP and Ricoh to
obtain the device IDs of network-connected printers. This way we get more
reliable information about make and model and in addition the supported
page description languages, which allow to identify whether an optional
PostScript add-on is installed or for an unsupported printer which
generic PPD is the best choice (requested by Ricoh, thanks to Tim Waugh
from Red Hat to create the patch).
[ Martin Pitt ]
* debian/control: Drop perl-modules dependency. The only script that uses
perl is oopstops, which uses IO::Handle, and this is in perl-base.
* debian/control, debian/rules, ubuntu-*.dpatch: Replace lsb_release call
with dpkg-vendor, and drop lsb-release build dependency.
* Upstartify for Ubuntu:
- Add ubuntu-upstart.dpatch: Add debian/cups.upstart script, which now
causes Samba to wait for cups to start. Don't have it in debian/ by
default, since dh_installinit unconditionally prefers it over .init.
- debian/rules: Call dh_installinit with --upstart-only when building on
Ubuntu.
- debian/cups.preinst: Remove old init script on upgrades when running on
Ubuntu.
* debian/cups.preinst: Remove some obsolete transitional code.
* debian/cups.init.d, debian/cups.postinst: Move custom PPD directory setup
from init script into postinst. No need to do that on every boot.
-- Martin Pitt <email address hidden> Tue, 14 Sep 2010 18:49:39 +0200
-
cups (1.4.4-3ubuntu2) maverick; urgency=low
* debian/patches/cups-snmp-oids-device-id-hp-ricoh.dpatch: Let the "snmp"
backend also use the manufacturer-specific MIBs of HP and Ricoh to
obtain the device IDs of network-connected printers. This way we get more
reliable information about make and model and in addition the supported
page description languages, which allow to identify whether an optional
PostScript add-on is installed or for an unsupported printer which
generic PPD is the best choice (requested by Ricoh, thanks to Tim Waugh
from Red Hat to create the patch).
* debian/patches/non-ubuntu-dynamic-default-ripcache-size.dpatch,
debian/patches/ubuntu-default-ripcache-size-auto.dpatch,
debian/patches/default-ripcache-size-auto.dpatch: Let RIP_MAX_CACHE
default to "auto" in Ubuntu AND Debian. Debian's Ghostscript also
has the patch for automatic memory management for the CUPS Raster
output device.
-- Till Kamppeter <email address hidden> Fri, 10 Sep 2010 21:03:33 +0200
-
cups (1.4.4-3ubuntu1) maverick; urgency=low
[ Till Kamppeter ]
* debian/patches/dynamic-default-ripcache-size.dpatch,
debian/patches/non-ubuntu-dynamic-default-ripcache-size.dpatch,
debian/patches/ubuntu-default-ripcache-size-auto.dpatch:
Replaced patch for letting CUPS default RIP_MAX_CACHE to 1/4 of the
system's RAM by a patch defaulting RIP_MAX_CACHE to "auto" only in
Ubuntu as there we have a Ghostscript version which managers its
needed memory size automatically. In non-Ubuntu distributions we stay
with the 1/4 of system RAM patch.
[ Martin Pitt ]
* debian/control: Drop perl-modules dependency. The only script that uses
perl is oopstops, which uses IO::Handle, and this is in perl-base.
-- Till Kamppeter <email address hidden> Thu, 2 Sep 2010 20:03:33 +0200
-
cups (1.4.4-3) unstable; urgency=low
[ Jamie Strandboge ]
* debian/cups.post{inst,rm}: update for local include file
* debian/local/apparmor-profile: add local include file
[ Martin Pitt ]
* debian/rules: Stop building with --enable-threads, since currenu GnuTLS
does not work with threads. This brings back the lost SSL/TLS support.
(Closes: #588234, #591509)
* debian/libcups2.symbols: Readd _http{Read,Write}GNUTLS@Base symbols to
ensure that autogenerated shlibs dependencies for libcups get tight
enough.
* manpage-translations.dpatch: Update German manpage translations, thanks
Helge Kreutzmann! (Closes: #588028)
* debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated
.symbols files more strongly.
* debian/libcups2.symbols, debian/libcupsimage2.symbols: Subsume private
optional symbols into regexps.
-- Martin Pitt <email address hidden> Wed, 11 Aug 2010 19:03:01 +0200
-
cups (1.4.4-2ubuntu2) maverick; urgency=low
* debian/cups.post{inst,rm}: update for local include file
* debian/local/apparmor-profile: add local include file
-- Jamie Strandboge <email address hidden> Fri, 06 Aug 2010 17:49:04 -0500
-
cups (1.4.4-2ubuntu1) maverick; urgency=low
* debian/libcups2.symbols:
- update missing symbols
* No other change upload to build against current poppler library ABI.
-- Didier Roche <email address hidden> Thu, 05 Aug 2010 12:17:09 +0200
-
cups (1.4.4-2) unstable; urgency=low
[ Till Kamppeter ]
* debian/local/filters/pdf-filters/filter/fontembed/bitset.h,
debian/local/filters/pdf-filters/filter/fontembed/sfnt.c,
debian/local/filters/pdf-filters/filter/texttopdf.c: Fixed bug with
subsetting certain composite chars (LP: #605479).
* debian/local/acroread.conf, debian/local/pdftops.conf, debian/cups.install:
Removed /etc/cups/acroread.conf and /etc/cups/pdftops.conf. These two files
were used by the alternative pdftops filter from Helge Blischke. As we
switched back to the original pdftops filter these files are not needed any
more (LP: #605564).
* debian/local/filters/cpdftocps: The PostScript level from the PPD file
was not used, but always the default value "2" instead. This made Xerox
color laser printers crash on some files. Thanks to Roel van Os for the
patch (LP: #600972).
[ Martin Pitt ]
* debian/control: Reintroduce the libcupsys2{-dev} Provides:, since some
third-party printer drivers still depend on them. (LP: #433311)
* debian/control: Have libcups2 break older cups versions. (Closes: #588643)
-- Martin Pitt <email address hidden> Sat, 24 Jul 2010 19:38:50 +0200
-
cups (1.4.4-1) unstable; urgency=medium
[ Till Kamppeter ]
* debian/cups.init.d: When loading kernel modules for the parallel port
load also the "parport_pc" module (LP: #369850).
* debian/filters/pstopdf: Fixed the problem of the UseCIEColor warning of
Ghostscript correctly. The file format converter should not do any kind
of color correction but simply pass the colors through (LP: #578181).
* debian/patches/cups-deviced-allow-device-ids-with-newline.dpatch: Some
printers have broken device IDs with newline characters inside. These
break the cups-deviced printer discovery mechanism and so the printers
get ignored. This patch allows newline characters in device IDs
(LP: #468701).
[ Martin Pitt ]
* New upstream bug fix/security release. Therefore "medium" urgency.
- CUPS could overwrite files as root in directories owned or writable by
non-root users. [STR #3510, CVE-2010-2431]
- The web interface now includes additional CSRF protection.
[STR #3498, CVE-2010-0540]
- The texttops filter did not check the results of allocations.
[STR #3516, CVE-2010-0542]
- The web admin interface could disclose the contents of memory.
[STR #3577, CVE-2010-1748]
* Drop select_use_after_free.dpatch: Applied upstream.
* do-not-broadcast-with-hostnames.dpatch: Update to apply to new version.
* debian/libcups2.symbols, debian/libcupscgi1.symbols: Update for new
version.
* Add support-gzipped-charmaps.dpatch: Support gzipped charset → UTF8 maps;
they compress very well and take a lot of space.
* debian/rules: Compress /usr/share/cups/charmaps/*.txt in cups-common.
* debian/local/filters/pdf-filters/*: Reenable call of setErrorFunction() on
armel, now that poppler on arm has been fixed (see #575262)
* debian/cups.postinst: Drop some obsolete transition code.
* debian/cups.postinst: Some versions of cups-pdf (and perhaps other
packages) changed the permissions of /usr/lib/cups/backend. Fix that
during upgrade. (Closes: #582942)
* debian/control: Drop all the transitional cupsys* packages and the
remaining provides/conflicts/replaces on them. All packages in sid are now
transitioned to the new package names, and Lenny already had them.
-- Martin Pitt <email address hidden> Tue, 29 Jun 2010 19:03:39 +0200
-
cups (1.4.3-1ubuntu1) lucid-proposed; urgency=low
* debian/filters/pstopdf: Fixed the problem of the UseCIEColor warning of
Ghostscript correctly. The file format converter should not do any kind
of color correction but simply pass the colors through (LP: #578181).
* debian/patches/cups-deviced-allow-device-ids-with-newline.dpatch: Some
printers have broken device IDs with newline characters inside. These
break the cups-deviced printer discovery mechanism and so the printers
get ignored. This patch allows newline characters in device IDs
(LP: #468701).
-- Till Kamppeter <email address hidden> Fri, 14 May 2010 15:51:54 +0200
-
cups (1.4.3-1) unstable; urgency=low
[ Till Kamppeter ]
* debian/filters/pstopdf: Use "-dUseCIEColor" for the Ghostscript call in the
pstopdf filter, to eliminate the warning "Set UseCIEColor for
UseDeviceIndependentColor to work properly.".
[ Martin Pitt ]
* New upstream bug fix release. See http://www.cups.org/articles.php?L594
for details.
* Drop CVE-2010-0393.dpatch, upstream now.
* Update usb-backend-both-usblp-and-libusb.dpatch for new version.
* select_use_after_free.dpatch: Add additional fix by Tim Waugh and Vincent
Danen for CVE-2010-0302, and update tag header. (Closes: #572940)
-- Martin Pitt <email address hidden> Fri, 09 Apr 2010 16:19:16 +0200
